CVE-2011-4320 #2170

zofpolkowska · 2018-12-18T11:11:56Z

This PR addresses ejabberd CVE (https://www.cvedetails.com/cve/CVE-2011-4320/) about infinite loop causing DoS when a user from other domain publishes an item to not existent node (no node attribute).

Added new test suite for pubsub over s2s
Added 2 test cases for publish item by remote user
- Node attribute is present
- Without node attribute
  In both cases remote-server-not-found error should be returned

…ctive stanza

mongoose-im · 2018-12-18T11:25:18Z

6037.1 / Erlang 19.3 / small_tests / 3081a7b
Reports root / small

6037.2 / Erlang 19.3 / internal_mnesia / 3081a7b
Reports root/ big
OK: 1171 / Failed: 0 / User-skipped: 52 / Auto-skipped: 0

6037.3 / Erlang 19.3 / mysql_redis / 3081a7b
Reports root/ big
OK: 2942 / Failed: 0 / User-skipped: 223 / Auto-skipped: 0

6037.5 / Erlang 19.3 / ldap_mnesia / 3081a7b
Reports root/ big
OK: 1136 / Failed: 0 / User-skipped: 87 / Auto-skipped: 0

6037.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 3081a7b
Reports root/ big
OK: 445 / Failed: 0 / User-skipped: 8 / Auto-skipped: 0

6037.4 / Erlang 19.3 / odbc_mssql_mnesia / 3081a7b
Reports root/ big
OK: 2956 / Failed: 0 / User-skipped: 209 / Auto-skipped: 0

6037.8 / Erlang 20.0 / pgsql_mnesia / 3081a7b
Reports root/ big / small
OK: 2988 / Failed: 0 / User-skipped: 177 / Auto-skipped: 0

6037.9 / Erlang 21.0 / riak_mnesia / 3081a7b
Reports root/ big / small
OK: 1407 / Failed: 1 / User-skipped: 50 / Auto-skipped: 0

mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server

{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"eve77.985148@localhost/res1">>,escalus_tcp,
          <0.24636.1>,
          [{event_manager,<0.24627.1>},
           {server,<<"localhost">>},
           {username,<<"eve77.985148">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.24627.1>},
            {server,<<"localhost">>},
            {username,<<"eve77.985148">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"eve77.985148">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"eve77.985148">>},
           {server,<<"localhost">>},
           {password,<<"password">>},
           {port,5222},
           {stream_management,true},
           {stream_id,<<"B36E2D4A2FE6FA61">>}]},
        10000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {mod_global_distrib_SUITE,
       '-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
       4,
       [{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
        {line,72}]},
    ...

Report log

codecov · 2018-12-18T12:06:59Z

Codecov Report

Merging #2170 into master will decrease coverage by 0.07%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2170      +/-   ##
==========================================
- Coverage   78.66%   78.58%   -0.08%     
==========================================
  Files         329      329              
  Lines       28421    28421              
==========================================
- Hits        22357    22336      -21     
- Misses       6064     6085      +21

Impacted Files	Coverage Δ
src/mam/mod_mam_muc_rdbms_async_pool_writer.erl	`63.54% <0%> (-4.17%)`	⬇️
src/mam/mod_mam_rdbms_prefs.erl	`92.52% <0%> (-3.74%)`	⬇️
src/rdbms/mongoose_rdbms.erl	`67.21% <0%> (-2.74%)`	⬇️
...c/global_distrib/mod_global_distrib_server_mgr.erl	`83.09% <0%> (-2.12%)`	⬇️
src/cassandra/mongoose_cassandra_worker.erl	`74.38% <0%> (-0.99%)`	⬇️
src/mam/mod_mam_utils.erl	`82.37% <0%> (-0.68%)`	⬇️
src/mod_muc_log.erl	`77.69% <0%> (-0.26%)`	⬇️
src/ejabberd_c2s.erl	`86.79% <0%> (-0.08%)`	⬇️
src/mod_bosh_socket.erl	`82.17% <0%> (+0.33%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4c42394...e3bb7ef. Read the comment docs.

aleklisi

PR looks good 👍

aleklisi · 2018-12-18T11:39:59Z

big_tests/tests/pubsub_s2s_SUITE.erl

+    [{group, GN} || {GN, _, _} <- groups()].
+
+groups() ->
+    lists:flatmap(


It can be simplified to:

[ {encode_group_name(BaseGroup, NodeTree), Opts, Cases} || {BaseGroup, Opts, Cases} <- base_groups(), NodeTree <- [<<"dag">>, <<"tree">>]]```

mongoose-im · 2018-12-18T12:18:15Z

6038.1 / Erlang 19.3 / small_tests / 25fca22
Reports root / small

6038.3 / Erlang 19.3 / mysql_redis / 25fca22
Reports root/ big
OK: 2942 / Failed: 0 / User-skipped: 223 / Auto-skipped: 0

6038.2 / Erlang 19.3 / internal_mnesia / 25fca22
Reports root/ big
OK: 1171 / Failed: 0 / User-skipped: 52 / Auto-skipped: 0

6038.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 25fca22
Reports root/ big
OK: 445 / Failed: 0 / User-skipped: 8 / Auto-skipped: 0

6038.4 / Erlang 19.3 / odbc_mssql_mnesia / 25fca22
Reports root/ big
OK: 2982 / Failed: 2 / User-skipped: 209 / Auto-skipped: 0

mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server

{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"eve12.895875@localhost/res1">>,escalus_tcp,
          <0.20300.3>,
          [{event_manager,<0.20291.3>},
           {server,<<"localhost">>},
           {username,<<"eve12.895875">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.20291.3>},
            {server,<<"localhost">>},
            {username,<<"eve12.895875">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"eve12.895875">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"eve12.895875">>},
           {server,<<"localhost">>},
           {password,<<"password">>},
           {port,5222},
           {stream_management,true},
           {stream_id,<<"278CDE6ED3401E31">>}]},
        10000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {mod_global_distrib_SUITE,
       '-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
       4,
       [{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
        {line,72}]},
    ...

Report log

mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server

{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"eve44.640792@localhost/res1">>,escalus_tcp,
          <0.20714.3>,
          [{event_manager,<0.20705.3>},
           {server,<<"localhost">>},
           {username,<<"eve44.640792">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.20705.3>},
            {server,<<"localhost">>},
            {username,<<"eve44.640792">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"eve44.640792">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"eve44.640792">>},
           {server,<<"localhost">>},
           {password,<<"password">>},
           {port,5222},
           {stream_management,true},
           {stream_id,<<"FF197D0BD003D94C">>}]},
        10000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {mod_global_distrib_SUITE,
       '-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
       4,
       [{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
        {line,72}]},
    ...

Report log

6038.5 / Erlang 19.3 / ldap_mnesia / 25fca22
Reports root/ big
OK: 1136 / Failed: 0 / User-skipped: 87 / Auto-skipped: 0

6038.8 / Erlang 20.0 / pgsql_mnesia / 25fca22
Reports root/ big / small
OK: 3001 / Failed: 1 / User-skipped: 177 / Auto-skipped: 0

mod_global_distrib_SUITE:mod_global_distrib:test_pm_with_ungraceful_reconnection_to_different_server

{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"eve90.229516@localhost/res1">>,escalus_tcp,
          <0.21192.3>,
          [{event_manager,<0.21183.3>},
           {server,<<"localhost">>},
           {username,<<"eve90.229516">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.21183.3>},
            {server,<<"localhost">>},
            {username,<<"eve90.229516">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"eve90.229516">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"eve90.229516">>},
           {server,<<"localhost">>},
           {password,<<"password">>},
           {port,5222},
           {stream_management,true},
           {stream_id,<<"5E310E35DEC69462">>}]},
        10000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {mod_global_distrib_SUITE,
       '-test_pm_with_ungraceful_reconnection_to_different_server/1-fun-0-',
       4,
       [{file,"mod_global_distrib_SUITE.erl"},{line,607}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
        {line,72}]},
    ...

Report log

michalwski

Looks good to me. I had only one concern regarding potential code duplication.

michalwski · 2018-12-18T12:23:33Z

big_tests/tests/pubsub_s2s_SUITE.erl

+     publish_without_node_attr_test
+    ].
+
+encode_group_name(BaseName, NodeTree) ->


Is this and the following function used in pubsub_SUITE as well? If so I think it be worth move this to the pubsub_tools module and use it from both SUITEs.

mongoose-im · 2018-12-18T13:09:51Z

6040.1 / Erlang 19.3 / small_tests / 369e1af
Reports root / small

mongoose-im · 2018-12-18T13:44:43Z

6041.1 / Erlang 19.3 / small_tests / 23e5cea
Reports root / small

6041.2 / Erlang 19.3 / internal_mnesia / 23e5cea
Reports root/ big
OK: 1171 / Failed: 0 / User-skipped: 52 / Auto-skipped: 0

6041.3 / Erlang 19.3 / mysql_redis / 23e5cea
Reports root/ big
OK: 2942 / Failed: 0 / User-skipped: 223 / Auto-skipped: 0

6041.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 23e5cea
Reports root/ big
OK: 445 / Failed: 0 / User-skipped: 8 / Auto-skipped: 0

6041.5 / Erlang 19.3 / ldap_mnesia / 23e5cea
Reports root/ big
OK: 1136 / Failed: 0 / User-skipped: 87 / Auto-skipped: 0

6041.4 / Erlang 19.3 / odbc_mssql_mnesia / 23e5cea
Reports root/ big
OK: 2956 / Failed: 0 / User-skipped: 209 / Auto-skipped: 0

6041.8 / Erlang 20.0 / pgsql_mnesia / 23e5cea
Reports root/ big / small
OK: 2988 / Failed: 0 / User-skipped: 177 / Auto-skipped: 0

6041.9 / Erlang 21.0 / riak_mnesia / 23e5cea
Reports root/ big / small
OK: 1394 / Failed: 0 / User-skipped: 50 / Auto-skipped: 0

Extract forming pusblish request and add helper function forming defe…

8e14995

…ctive stanza

zofpolkowska changed the title ~~Cve 2011 4320~~ CVE-2011-4320 Dec 18, 2018

zofpolkowska force-pushed the cve-2011-4320 branch from 8200dc3 to b04974c Compare December 18, 2018 11:21

zofpolkowska force-pushed the cve-2011-4320 branch from b04974c to 030145a Compare December 18, 2018 12:06

Add test suite for pubsub feature over s2s

51ab1f3

zofpolkowska force-pushed the cve-2011-4320 branch from 030145a to 0886079 Compare December 18, 2018 12:09

aleklisi approved these changes Dec 18, 2018

View reviewed changes

michalwski reviewed Dec 18, 2018

View reviewed changes

Move some common helper functions to pubsub_tools

e3bb7ef

zofpolkowska force-pushed the cve-2011-4320 branch from 0886079 to e3bb7ef Compare December 18, 2018 13:06

aleklisi merged commit 5d42b02 into master Dec 18, 2018

fenek deleted the cve-2011-4320 branch January 4, 2019 13:18

fenek added this to the 3.2.0++ milestone Jan 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2011-4320 #2170

CVE-2011-4320 #2170

zofpolkowska commented Dec 18, 2018 •

edited

Loading

mongoose-im commented Dec 18, 2018 •

edited

Loading

codecov bot commented Dec 18, 2018 •

edited

Loading

aleklisi left a comment

aleklisi Dec 18, 2018

mongoose-im commented Dec 18, 2018 •

edited

Loading

michalwski left a comment

michalwski Dec 18, 2018

mongoose-im commented Dec 18, 2018

mongoose-im commented Dec 18, 2018 •

edited

Loading

CVE-2011-4320 #2170

CVE-2011-4320 #2170

Conversation

zofpolkowska commented Dec 18, 2018 • edited Loading

mongoose-im commented Dec 18, 2018 • edited Loading

codecov bot commented Dec 18, 2018 • edited Loading

Codecov Report

aleklisi left a comment

Choose a reason for hiding this comment

aleklisi Dec 18, 2018

Choose a reason for hiding this comment

mongoose-im commented Dec 18, 2018 • edited Loading

michalwski left a comment

Choose a reason for hiding this comment

michalwski Dec 18, 2018

Choose a reason for hiding this comment

mongoose-im commented Dec 18, 2018

mongoose-im commented Dec 18, 2018 • edited Loading

zofpolkowska commented Dec 18, 2018 •

edited

Loading

mongoose-im commented Dec 18, 2018 •

edited

Loading

codecov bot commented Dec 18, 2018 •

edited

Loading

mongoose-im commented Dec 18, 2018 •

edited

Loading

mongoose-im commented Dec 18, 2018 •

edited

Loading